More than one-third (35.6 percent) of surveyed professionals in the Internet of Things-connected medical device ecosystem say their organizations have experienced a cybersecurity incident in the past year, according to a recent Deloitte poll. Identifying and mitigating the risks of fielded and legacy connected devices presents the industry’s biggest cybersecurity challenge according to respondents (30.1 percent). http://www2.deloitte.com/us/en/pages/about-deloitte/articles/press-releases/legacy-fielded-medical-devices-pose-greatest-cybersecurity-challenge-to-IoT-device-ecosystem.html?id=us:2el:3pr:meddevsec:awa:adv:081517

1. Medical devices and the Internet of Things:
A three-layer defense against cyber threats
Deloitte Poll results from May 2017

2. 2Medical devices and the Internet of Things: A three-layer defense against cyber threatsCopyright © 2017 Deloitte Development LLC. All rights reserved.
Methodology
370+ professionals whose organizations operate in
the medical device/IoT ecosystem responded to poll
questions during the Deloitte Dbriefs webcast,
“Medical devices and the Internet of Things: A three-
layer defense against cyber threats,” on May 23,
2017. Respondent organizations include medical
device or component manufacturers (i.e.,
implantables, diagnostic devices, capital equipment;
31 percent); healthcare IT organizations (i.e., mobile
app/software developers; 22 percent); medical
device users (i.e., healthcare providers, device
monitoring; 36 percent); and regulators (10
percent). Answer rates differed by question.

3. 3Medical devices and the Internet of Things: A three-layer defense against cyber threatsCopyright © 2017 Deloitte Development LLC. All rights reserved.
Votes received: 523
Has your organization experienced a cybersecurity incident
during the past 12 months?
1.3% Not applicable
Yes 35.6%
36.5%No
Don’t
Know
26.6%

4. 4Medical devices and the Internet of Things: A three-layer defense against cyber threatsCopyright © 2017 Deloitte Development LLC. All rights reserved.
Votes received: 502
What do you think is the biggest challenge facing the medical
device industry with regards to cybersecurity?
Embedding vulnerability
management into the
design phase of medical
devices
19.7%
Identifying and
mitigating the
risks of fielded and
legacy devices
30.1%
Meeting regulatory
requirements8.4%
Lack of
collaboration on
cyber threat
management
throughout
connected medical
device supply chain
17.9%
Monitoring and
responding to
cybersecurity incidents
19.5%
4.4% Don’t know/Not applicable

5. 5Medical devices and the Internet of Things: A three-layer defense against cyber threatsCopyright © 2017 Deloitte Development LLC. All rights reserved.
18.6%
Very prepared
55.8%
Somewhat prepared
12.7%
Not prepared
Votes received: 371
How prepared is your organization to address litigation, internal
investigations or regulatory matters related to medical device
cybersecurity incidents in the next 12 months?
12.9% Other/No opinion

6. 6Medical devices and the Internet of Things: A three-layer defense against cyber threatsCopyright © 2017 Deloitte Development LLC. All rights reserved.
Media contact
Lauren Hallman
Public Relations
Deloitte Services LP
lahallman@deloitte.com
Full press release available on Deloitte.com

7. The statements in this report reflect the aggregation of poll responses and are not intended to reflect facts or opinions of
any entities. All data, charts and statistics referenced and presented, as well as the representations made and opinions
expressed, unless specifically described otherwise, pertain only to the participants and their responses to the Deloitte poll.
The information obtained during the poll was taken “as is” and was not validated or confirmed by Deloitte.
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering
accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a
substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may
affect your business. Before making any decision or taking any action that may affect your business, you should consult a
qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”),
its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and
independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States,
Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name
in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules
and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of
member firms.
Copyright © 2017 Deloitte Development LLC. All rights reserved.